Microsoft has released an update that fixes seven separate Windows vulnerabilities, all of which were rated "critical" by the software giant. As expected, the release patches the way Windows processes .ani Animated Cursor files – Microsoft decided to break its patch cycle because attackers were finding more ways to exploit the flaw in its Windows operating system. Microsoft was first notified of the flaw in December 2006 by security vendor Determina. "I have no idea why they didn't do this earlier," said Nand Mulchandani, Determina's vice president of marketing.
Windows users are strongly encouraged to install the patch because the .ani flaw can be used to exploit computers running virtually any version of Windows, including Vista, even if they are running non-Microsoft browsers like Firefox and Opera, Mulchandani said. "We have more than 400 different URLs identified and related to attacks, and multiple e-mails have been sent out that direct people back there. We have proof that organized groups are now launching attacks," said Ken Dunham, director of malicious code intelligence with iDefense. Exploit code for the flaw has now been added to the widely used Metasploit hacking tool, and there are automated malicious Web site generation tools available, he added.
Link: Forum Discussion (Thanks JorgeIvan)
News source: InfoWorld
Windows users are strongly encouraged to install the patch because the .ani flaw can be used to exploit computers running virtually any version of Windows, including Vista, even if they are running non-Microsoft browsers like Firefox and Opera, Mulchandani said. "We have more than 400 different URLs identified and related to attacks, and multiple e-mails have been sent out that direct people back there. We have proof that organized groups are now launching attacks," said Ken Dunham, director of malicious code intelligence with iDefense. Exploit code for the flaw has now been added to the widely used Metasploit hacking tool, and there are automated malicious Web site generation tools available, he added.
Link: Forum Discussion (Thanks JorgeIvan) News source: InfoWorld
AutoPatcher KB925902 Patch releases
http://www.neowin.net/index.php?act=view&id=38652
Now April 2007, we read:
Microsoft was first notified of the flaw in December 2006 by security vendor Determina...
Makes you think...
I like linux but don't you dare say linux is bug free
But... linux bugs tend not to be able to take out your entire PC.
(Disclaimer: written from a laptop running XP SP2. Not trying to troll, just trying to say what the last guy seemingly couldn't.
Direct Download: http://www.download.windowsupdate.com/msdo...80ef78f7af0.msu
i dont see the need for "patch tuesday"
This used to be the system that MS went with but opted for a monthly system that's more predictable so we know on a given Tuesday to expect some updates.
There is a Microsoft mailing list that one can subscribe to get to advanced warning of what updates are comming up and also this is an emergency update that was released outside the 2nd Tuesday of the month cycle that is known as patch Tuesday.
the_guy
Well, that's good to know; I bunged an extra 2GB of RAM in my box just before WU downed the update and that error got me worried...
edit: why validation is required I'd love to know, seeing as it's their freely available patch that caused the problem
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.